Cyoda-go

Relational Databases

A Go‑based Entity Database Management System (EDBMS) that provides a single transactional runtime for entity lifecycles with built‑in state machines, processors and full revision history.

Track releases GitHub

Go Latest v0.7.1 · 28d ago Security brief →

Features

Transactional EDBMS with embedded state machine and revision history
Unified API across four storage engines (memory, SQLite, PostgreSQL, Cassandra)
Zero‑code switch between storage backends via environment variable
Built‑in JWT authentication flow for secure access

Recent releases

View all 7 releases →

v0.7.0 Breaking risk 29d

Breaking changes

OpenAPI spec‑server conformance validation enforced (BREAKING) — see fix(openapi)! #21

Notable features

Cosign keyless signatures on archives with verification in install.sh
E2E openapi validator integrated into TestMain and operating in record mode
Markdown report writer for conformance findings added to e2e suite

Full changelog

Changelog

73e79f3dff1060e37545004094571b3a063fcd91 release: v0.7.0 — collection workflow routing + transactionWindow chunking + per-item ifMatch + COMMIT_BEFORE_DISPATCH (#231)
18d9d042772226d3c35a9adc3f56ed9fb607f6da Merge pull request #225 from Cyoda-platform/release/v0.7.0
c251674ee8ba9b67f2e2876c6f352148dc0a6d53 docs(openapi): document asyncResult/crossoverToAsyncMs Cloud-parity gap (#223) (#224)
9cd4bc94ebad98d1ee7ef86f32f3a647addab110 Merge pull request #221 from Cyoda-platform/release/v0.7.0
e82171c9866f579d1a7f37cffbb98e90b28c2917 docs(changelog): expand v0.7.0 entry to cover all 15 milestone issues (#220)
a4f7f6fa17dbc466a9fa41fe81aad03fb6092b2d fix(release/v0.7.0): security-audit findings on supply-chain + concurrency (closes #218) (#219)
236b35e113d8eb3af46c9939001736fb09c35758 fix(release/v0.7.0): code-review findings on #210/#211/#213 (#214)
024de7dae7274ffb7027b8aea8fd3b090224d876 refactor(common): separate (status, code, retryable) axes in 4xx errors (#140) (#213)
ddad755dddbeb7288e757bc04f245f1c7d20aa07 docs(chart): dedicated guides for Ingress→Gateway migration + Gateway API policies (#57 #58) (#212)
5a1ffacef2bf26d0c2fbe615772e3468c0062ced fix(search): single-node invalidation + cross-tenant isolation in path cache (#174 #175) (#211)
b3a2b65d115878ac53597b6c1c91a52884ccd5c1 feat(release): cosign keyless signatures on archives + verify in install.sh (#47) (#210)
7e35823f063ce3825a7ea14c43a281d685ade936 feat(fixtureutil): add LaunchCyodaClusterAndComputeWithBinaries (#157) (#209)
fcbb7266982130b6600c25a3c60f4fa03c31bc7e test(parity): unblock #150/#152 skips — handler-param fixes already delivered (#208)
541498fa18a5ddcb501e1e8cedfff59773fb7024 fix(release): publish install.sh as a release asset + adopt stable URL (#49) (#207)
3003fecc2b79c85fb7ed47786bfe717a715f49bb chore(deps): bump docker/setup-buildx-action from 3 to 4 (#206)
64ce242f45c44fa18852a20402f0b1010de31136 docs(architecture): add CONCURRENCY.md (#199 PR-C3) (#205)
ef16894bc5bfeaa949d069671538a6901b8d5e79 fix(postgres): tenant isolation across TM lifecycle surface (#199 PR-C2) (#204)
2a8c782c644a786b418f8797e3c60724762e6776 fix(sqlite): tx.OpMu coverage for Savepoint/RollbackToSavepoint + tenant isolation (#199 PR-C1) (#203)
9e8e0f12497d6a2094918d555cb0cc61b833bcd3 chore(deps): bump cyoda-go-spi to v0.6.1 (#199 PR-B) (#202)
5c9cdf0a08b5793fa3155ba6930c695cd7b587ea fix(memory): tx.OpMu coverage for Savepoint/RollbackToSavepoint/Join + tenant isolation (#199 PR-A) (#201)
29057e9747c42d1f9ce73f498f5e40cf9dca7959 fix(memory): apply tx.OpMu locking discipline to remaining 6 in-tx ops (#176) (#198)
8bb7f49a4c5f59764268d239b3fc59c62faae6f4 fix(api): API-wide CORS support (#196)
faeddc9e58326f7b6d2ff799e0cc55882a1418ff fix(openapi)!: #21 spec-server conformance — runtime validator, audit, defect fixes (BREAKING) (#195)
4abcea6ac8d320def17673e4456b1fd9facbb1b0 docs: add CHANGELOG.md with v0.7.0 entry + README versioning policy
f1ee207bec4564865dbb6cf96eaa78965fa6f4fc chore(deps): root go mod tidy after sqlite-plugin dep bump (#180)
c3449387ffadd441ddfbf0c4c77394a7132cb204 fix(conformance): address M-1 through M-7 minor review findings
7028cc7654cbe19257a46a60f2086ada4356fc77 fix(conformance): address I-1/I-2/I-3 review findings
1d037f6c17e21d0f09f32ed5847498f12a3c74d5 docs: final consistency pass for openapi.md (Task 11.3 / #21)
e85262f0d4adefcc8f62a53834a42f57c6044c12 feat(e2e): flip openapi validator to ModeEnforce + final consistency pass
6ffaa7f1274d208663864db81fefd782597a09f1 fix(spec+e2e): final cleanup — content-type drift, enum mismatch, uncovered-op closure
6fe60dea5db0380adbdca9eed76a3ecf1aa025e0 fix(search): reconcile spec with server, document ndjson streaming validator coverage
2d035ab344ea4c7424f56bbb2fd4aa987339ed5c fix(model): reconcile spec with server, declare error responses
85f174797add370f607760db20fd4ac76b68d207 docs(audit): fill commit SHA e9d6985 for Task 7.1 messaging rows
e9d6985d0b86f0464d07c9fca3500589c9abc220 fix(messaging): JSON-in-string content + dead-branch removal + EdgeMessagePayload schema
38a170036e8d827ea53d21699baae842501e5bb4 fix(e2e): add fallback path-template matcher for kin-openapi router overlaps
19aa18a7cc942b1bcd077cba6562e31d68880bfb docs(audit): note Task 6.1 embedded-spec update mechanism (commit 7ec63f3)
7ec63f34021a753226c57057fe32a1dac22cf65e fix(spec): update embedded swagger spec so GetSwagger reflects Task 6.1 changes
9f6f1a9948206039f8d0d205fe94f90b1ca2e7f5 docs(audit): fill commit SHA 9c721b4 for Task 6.1 entity rows
9c721b4f4f3cfd40c9b941c05f1a7f57f3451ceb fix(entity): reconcile spec with server (closes original #21 confirmed defects)
44a312c5499cf9d31ac50bc8a2a041b3947d8ad6 docs(audit): fill commit SHA 302ba1e for Task 5.1 transitions rows
302ba1ed3b416c00e8368525cb27853f26dedec8 fix(spec+e2e): document missing transitions endpoints + skip operational paths
51120fc0bd9df58ad876c9748253ef456665d06e docs(audit): fill commit SHA 04d6721 for Task 4.1 audit rows
04d6721d7376e721be3ad47833d1bbc240ff4e99 fix(audit): reconcile spec with server, declare AuditEvent discriminator union
580d4aab38c3b1e0268065f13ea0d616ce7d0a2e fix(help): remove CQL Execution Statistics from tag list test
bd98bd7fdca2df3e7bd4d4ad10d520a883d3b727 docs(audit): fill commit SHA 766df8b for Task 3.1 account/IAM rows
766df8b102342f6627c72eb5082a0d580292284e fix(account+iam): reconcile spec with server (decl. 501 for stubs per #194)
14a6b7825f1e0fedb8e17945cd9e93fe92b9c7b3 docs(audit): add per-operation OpenAPI conformance audit table
444103c54ef7e4a3712b38e209494605f837eef2 fix(e2e): harden validator against streaming-body panic + spec context-path
95e3589ae243820ab550109a9b85d0b53f8576e8 feat(e2e): wire openapi validator into TestMain + conformance test (record mode)
fc99fd4b211688f1b7f24f421e3d5abce721a54e refactor(e2e): route all test requests through e2eNewRequest helper
77bc07efad06ee9e16779b146109371773cf35ee feat(e2e): add markdown report writer for conformance findings
2565ca78493cf5e19950fbe6e0a825e0a99e353c feat(e2e): add validator middleware with mode-aware enforcement
25c59e12ec5043c20474a490a40643ce3b85bd8e docs(plan): correct Options struct placement in Task 1.5 spec
dbd8c99d7f04bddfe23d673165dc1ce8701c7816 feat(e2e): add Validator with kin-openapi response validation + fixture suite
65214bc989e2275d16200a989e6edb3522f10687 feat(e2e): add mismatch collector with exercised-ops tracking
1acba436e2ee79ee96f124802f53a73df7f4c624 feat(e2e): add WithTestT/TestTFromContext for per-request test capture
d09ecfc4e3b6ba6baf95e2cba4dd6249d5315484 fix(e2e): drop dead teeFR/teeFHR variants + simplify capture-test
7ac3de96840ebe24e839f20b6e19ce1400b38023 feat(e2e): add tee-writer that delegates Flusher/Hijacker/ReaderFrom
54e92e895060cb939c5659a07d78dc378ab32dd7 fix(e2e): reorder mode.go declarations + drop duplicate package comment
2e47db522a6af32e63fa1c8058e51eb4333b44ac feat(e2e): scaffold openapivalidator package with Mode constant
7101dcb4e05c6bafad9b0ca32293f61b681a7cfe docs(plan): add implementation plan for #21 OpenAPI conformance
4ecffd31152885a23e3a6352a885989404d86253 docs: revise #21 design after review-04 (2 nits) — convergence reached
33755373401c5bcb1f4c25a54523a2c9882b0cd8 docs: revise #21 design after review-03 (storage invariant + 3 moderates)
4d8c0afd4efbadccd0cbf3305209a9bce49d3afe docs: revise #21 design after review-02 (Go test mechanics + 5 strong concerns)
d51ffdb0211af6e4695578ced1f7a28f30567743 docs: revise #21 design after fresh-agent review
fd0ec61418799fb3c7d0d9fa6995255809264a15 docs(spec): add design for #21 OpenAPI server-spec conformance
315f8f93b7a2967f41d0b94ce33f3e62ccf7c0de docs(adr): add 0001 OpenAPI server-spec conformance approach

View release on GitHub

v0.6.3 New feature 1mo

Notable features

feat(search): wire pre-execution field-path validation with bounded refresh

Full changelog

Changelog

7f2746d9cf62aa492c52e3b47551e77b185faceb Merge pull request #177 from Cyoda-platform/release/v0.6.3
6e1ebe7a21a4c2fd028328f27ef8a16715a01ef3 fix(test): make TestShutdown_SecondSignal_ForcesHardExit deterministic on slow CI (#178)
8a914389e71c6b0b5726f5b698987e2642b153e1 fix(auth): v0.6.3 auth-hardening sweep (6 findings) (#173)
d3ef180467f53598ece175015206f45363435b5d fix(search): negative cache for unknown field-path validation (#172)
dae33c69d7389db08ef90c8722662e0b0719ad9e chore(auth): drop unused parseRSAPublicKeyFromPEM helper (#169)
50b12ca475ac8014f3e6d96d35a4ebc000fbebcc test(parity): add point-in-time / transactionId client helpers (#132) (#161)
25e70a287c418c7ca24470b8d48048bc46b6330e feat(search): wire pre-execution field-path validation with bounded refresh (#77) (#162)
5d6ccfdba576e5b9d71ca49a56ec72ecbd9f0e9e fix(entity): emit INCOMPATIBLE_TYPE for leaf type mismatches (#129) (#160)
0504e4409de6584019450296677a868c56569c94 test(e2e): pin cross-tenant invisibility for ?pointInTime and ?transactionId (#171)
436904b98977ade9506d60e4cd9676cfa2b11f0a fix(security): cap validator recursion depth (H4) (#170)
c7d9e218423e3caa4a20f0d207fe700c89936bae fix(entity): GetOneEntity now honors transactionId query param (#150) (#165)
2dfff72081424dd5aa8c3215ea5afc22d8b5ef8d fix(entity): propagate pointInTime in GetEntityChangesMetadata (#152) (#164)
b4dd489a9d42d17e73e72806a1716e5980b874c5 fix(auth,admin): trusted-key + auth/admin error hardening (#34 items 2-7, #68 item 14) (#159)
08d772a92cd06bc16d479ec2fac9d956487d4783 fix: app startup-failure and shutdown lifecycle (#10, #34, #68, #26) (#158)
c86afc823dbd0baf66bee39eab565e113db9aab9 fix(model): emit INVALID_CHANGE_LEVEL on set-change-level invalid enum (#130) (#156)
4ae1ccf7255d357d3bf4bce6a21ac413501bfc7f fix(auth): uniform 401 message + structured reason log (#68 item 12) (#155)
94ec3cc1868c7d2c9c2f57e334a7cd20dbb5ecad fix(workflow): return 404 MODEL_NOT_FOUND on import for unknown model (#131) (#154)
db24706fbf24ec434782c9e58f8a19e3e1597cd5 fix(memory): hold tx.OpMu.RLock around tx-state mutations in Save and CompareAndSave (#153)
8c5e9b2c103bbef110a958505c20560b9a563507 test(auth): cross-issuer JWKS signature-confusion regression (#68 item 9) (#151)
e5a1a5c505d295973606b3f4c1ca6e23c7938d87 fix(search): explicit pageNumber cap and bits.Mul64 offset overflow (#68 item 10) (#149)
524c076e93e00a7bf4417b771fdfaf8674c30569 fix(sqlite): derive CountByState IN-clause cap from SQLITE_MAX_VARIABLE_NUMBER (#68 item 11) (#148)
94ca1df422eb5e0df5a4d744b878074e2923ff98 fix(docker): pin distroless/static base image by digest (#147)
67bc5f5f2eab05990f5c276fc17df90fa24aec72 chore(ci): security hardening for v0.6.3 (#168)
f7bc7ee68c601805086b1189229d451e9c03ae48 docs(plan): v0.6.3 outstanding fixes implementation plan (#146)
27227387de3f219d2df122f4f98684d3860ba2da fix: specific dictionary error codes for model lifecycle and If-Match (#128) (#141)
3f172ff74c12e1a4d233e5dd7bc8229234d6d962 fix(common): make Conflict() non-retryable; add RetryableConflict() for TX aborts (#126) (#127)
709a86bf344773f7c875e1a1f938eec27e57d4d4 test: external API scenario suite — tranche 4 (#121) (#138)
8fe500595e34a2f76ed3a8e439499b317a3ef74b test: external API scenario suite — tranche 3 (#120) (#135)
215918f06eabb841001a20ce83d1947c6dc1dbc3 test: external API scenario suite — tranche 2 (#119) (#133)
6164b824af66226271b83752e3f834513d80586d test: external API scenario suite — tranche 1 (#118) (#125)
d6a1fe5feb560dc8517afcb1278a821c1df521ab chore(helm): bump chart appVersion to v0.6.2 (#117)

View release on GitHub

v0.6.2 New feature 1mo

Notable features

Added cloudevents topic and `cyoda help cloudevents json` command.
Implemented per-tag OpenAPI filtering in help output.
Implemented PUT /api/entity/{format} collection update endpoint.

Full changelog

Changelog

27bdff5a94b84ed84025c0bff4e33e418221e31f Merge pull request #116 from Cyoda-platform/release/v0.6.2
893f92468b82e66c712c34504c154c967a5ca727 fix(v0.6.2): review follow-ups across #112 / #114 (#115)
f0c39a829cdb5b245fa105464d36ed29cad58597 feat(help): add cloudevents topic + cyoda help cloudevents json (#113) (#114)
ed5908b6d9d32e8076105e03886a27f56e0a5f31 feat(help): per-tag OpenAPI filtering (#111) (#112)
f158fb26b63bc068db636181166790dc5c6343d9 chore(deps): bump the go_modules group across 2 directories with 2 updates (#110)
59fc007a41d8500fc6743734276e21eedbc03147 chore(helm): bump chart version and appVersion to 0.6.2 (#109)
66f5e327b0f79d5662f70ffc352e49d9031dd0d6 build(ci): aggregator for plugin submodule tests (#46) (#108)
ef5380b29e903b7a74302d4fa38ac55bc03a0b49 feat(entity): implement PUT /api/entity/{format} collection update (#92) (#107)
7ba5859335642b1ef74956483f0c9558effb8645 fix: search/entity batch (#79 #90 #93 #94) (#106)
860d2c888e82fdbddbc1a0cbba087d0cd02b44d5 fix: security batch (#97 #98 #99 #100) (#105)
e34d5f42e427cddf57c2e0800ea3a6ed97629653 fix(release): drop brew post_install; revise caveats (#96) (#104)
cb6cc1ff7266e283a958d06676a030d31add5f47 fix(cluster): gossip.Register honors ctx / CYODA_STARTUP_TIMEOUT (#9) (#103)
a29a3fb236f3513faf6e1dd43c22cb5e9a5acc26 fix(release): stamp version on help-JSON goreleaser hook (#101) (#102)